/**
 * PHP4-style constructor for the User class: stores the username on the
 * instance and hands every other field to its setter, in the original order.
 *
 * NOTE(review): the setters are invoked as plain global functions, not as
 * `$this->setPassword(...)`; whether that is intended cannot be told from
 * this method alone — confirm that the helpers exist at file scope.
 *
 * @param string $username
 * @param string $password
 * @param string $email
 * @param string $firstname
 * @param string $lastname
 * @param string $webpage
 * @param string $birthdate
 * @param string $description
 */
function User($username, $password, $email = "", $firstname = "", $lastname = "", $webpage = "", $birthdate = "", $description = "")
{
    $this->username = $username;

    // Remaining fields are routed through their setters, one call each.
    $setters = array(
        'setPassword' => $password,
        'setEmail' => $email,
        'setFirstname' => $firstname,
        'setLastname' => $lastname,
        'setWebpage' => $webpage,
        'setBirthdate' => $birthdate,
        'setDescription' => $description,
    );
    foreach ($setters as $setter => $value) {
        $setter($value);
    }
}
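return false; } }
// ============================================================================
// Main before POST
// ============================================================================

// ============================================================================
// POST Method
// ============================================================================
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Prevent editors to administrate other users: a non-admin may only act
    // on their own account and can never submit a role.
    if ($Login->role() !== 'admin') {
        $_POST['username'] = $Login->username();
        unset($_POST['role']);
    }

    // Only attempt the change when all three fields were actually submitted;
    // this avoids undefined-index notices and never calls setPassword() with
    // a half-filled form.
    if (isset($_POST['username'], $_POST['new_password'], $_POST['confirm_password'])
        && setPassword($_POST['username'], $_POST['new_password'], $_POST['confirm_password'])) {
        Redirect::page('admin', 'users');
    }
}

// ============================================================================
// Main after POST
// ============================================================================
if ($Login->role() !== 'admin') {
    $layout['parameters'] = $Login->username();
}

$_user = $dbUsers->getDb($layout['parameters']);

// If the user doesn't exist, redirect to the users list.
if ($_user === false) {
    Redirect::page('admin', 'users');
}

$_user['username'] = $layout['parameters'];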
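<?php
// Account page dispatcher: each branch renders a template or applies a
// change and then redirects, so nothing below a matching branch runs.
//
// NOTE(review): the setPasswordForm and updateUser actions are keyed on GET
// parameters; the field values are read from $_POST, so a plain GET reaches
// setPassword()/updateUser() with an empty form. A request-method check in
// those handlers (or here) would be a sensible hardening step.

if (isset($_POST['action']) && $_POST['action'] === 'My Account') {
    $projects = getUserProjects($_SESSION['id']);
    include 'myAccount.html.php';
    exit;
}

if (isset($_GET['setPassword'])) {
    include 'setPassword.html.php';
    exit;
}

if (isset($_GET['setPasswordForm'])) {
    setPassword();
    header('Location: .');
    exit;
}

if (isset($_POST['action']) && $_POST['action'] === 'Edit My Info') {
    include 'editUserForm.html.php';
    exit;
}

if (isset($_GET['updateUser'])) {
    updateUser();
    // Mirror the submitted profile fields into the session; a field that was
    // not posted stores null (same value as before, without the notice).
    foreach (array('firstName', 'lastName', 'email', 'phone') as $field) {
        $_SESSION[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
    }
    header('Location: .');
    exit;
}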
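}
// response to create pad form
if (isset($_POST['createPadinGroup'])) {
    $isSitzung = isset($_POST['start_sitzung']);
    if ($isSitzung) {
        $padname = 'Sitzung' . date('Ymd');
        // The pad password is written into the pad text below, so it only has
        // to be unguessable from outside; use the CSPRNG rather than mt_rand(),
        // whose output can be reconstructed from a few observed values.
        $passwd = random_int(10000, 99999);
    } else {
        // A missing field becomes '' (createGroupPad() is expected to reject
        // it) instead of an undefined-index notice.
        $padname = isset($_POST['pad_name']) ? $_POST['pad_name'] : '';
        $starttext = "Willkommen im wesentlichen Etherpad auf D120.de!\r\n\r\n";
    }
    try {
        $instance->createGroupPad($groupmap[$group], $padname, '');
        // Etherpad group pad ids are "<groupId>$<padName>".
        $padid = $groupmap[$group] . '$' . $padname;
        $db->prepare('INSERT INTO padman_pad_cache (group_mapper, group_id, pad_name, last_edited) VALUES (?,?,?,NOW())')
            ->execute(array($group, $groupmap[$group], $padname));
        if ($isSitzung) {
            $shortlink = 'si' . date('md');
            update_pad($padid, array("shortlink" => $shortlink));
            $instance->setPublicStatus($padid, true);
            setPassword($padid, $passwd);
            $starttext = file_get_contents('template-sitzung.txt');
            $starttext = str_replace("{{heute}}", date("d.m.Y"), $starttext);
            $starttext = "Kurzlink zum Pad: " . SHORTLNK_PREFIX . $shortlink . "\nPasswort: {$passwd}\n\n" . $starttext;
            $instance->setText($padid, $starttext);
        }
        // The pad name comes straight from the request and the infobox cookie
        // is rendered as HTML by the next page, so escape it for the HTML body
        // and encode it for the URL query.
        $safeName = htmlspecialchars($padname, ENT_QUOTES, 'UTF-8');
        $openUrl = SELF_URL . '?group=' . rawurlencode($group) . '&show=' . rawurlencode($padname);
        setcookie("infobox", "<div class='alert alert-success'><button type='button' class='close' onclick='location=location.href'><span aria-hidden='true'>×</span><span class='sr-only'>Close</span></button>\n <h4><i class='glyphicon glyphicon-ok-circle'></i> Pad " . $safeName . " erfolgreich angelegt!</h4>" . '<p><a href="' . htmlspecialchars($openUrl, ENT_QUOTES, 'UTF-8') . '" class="btn btn-success btn-lg">Jetzt öffnen</a></p> </div>');
    } catch (Exception $e) {
        // Exception text can echo request data back; escape it as well.
        setcookie("infobox", "<div class='alert alert-danger'><button type='button' class='close' onclick='location=location.href'><span aria-hidden='true'>×</span><span class='sr-only'>Close</span></button>\n <h4><i class='glyphicon glyphicon-warning-sign'></i> Neues Pad konnte nicht erstellt werden.</h4>\n <p>" . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "</p></div>\n");
    }
    // NOTE(review): there is no exit after the redirect headers, so the rest
    // of the script keeps executing for this request.
    header("HTTP/1.1 303 See other");
    header("Location: " . SELF_URL . $group);
}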
$loq->template_dir = LOQ_APP_ROOT . 'includes/admin_templates';
$loq->assign('sidemsg', 'Loquacity Password Recovery');
// NOTE(review): both POST fields are copied into the session without an
// isset() check (undefined-index notice on a plain GET of this page).
$_SESSION['username'] = $_POST['username'];
$_SESSION['answer'] = $_POST['answer'];
// if a username in the post is entered, and that username exists in the database,
// (loose == against checkUsername()'s return value; its type is not visible here)
if (isset($_SESSION['username']) && $_SESSION['username'] == checkUsername($_SESSION['username'])) {
    // get the secret question for the user
    $secQuestion = $myPasswdMgr->getQuestion($_SESSION['username']);
    $loq->assign('question', $secQuestion);
    $_SESSION['answer'] = $_POST['answer'];
    $template = 'askquestion.html';
    // Now check if we have an answer or not, and compare them.
    // psudo: if (checkAnswers(pw1,pw2) where pw1 = getAnswer(username)
    if ($myPasswdMgr->checkAnswers($myPasswdMgr->getAnswer($_SESSION['username']), $_SESSION['answer'])) {
        // success! reset password and send the email.
        // NOTE(review): the secret answer is passed as setPassword()'s second
        // argument; whether it becomes the new password or is ignored in
        // favour of a random word depends on the (truncated) definition below.
        setPassword($_SESSION['username'], $_SESSION['answer']);
        // NOTE(review): $user, $email and $passwd are not assigned anywhere in
        // this run — unless setPassword() sets them as globals, this mails
        // nothing useful. A single correct answer also resets the password
        // with no attempt limiting visible here.
        sendEmail($user, $email, $passwd);
        $template = 'status.html';
    } else {
        $loq->assign('title', 'Please answer your question');
        $template = 'askquestion.html';
    }
} else {
    $loq->assign('title', 'Please enter your Loquacity username');
    $template = 'getusername.html';
}

/**
 * Resets a user's password (the definition continues beyond this excerpt).
 *
 * @param string $user
 * @param string $passwd
 */
function setPassword($user, $passwd)
{
    global $myPasswdMgr;
    /**
     * I could have just said passwordManager::setPassword($user, stringHandler::toSHA1(passwordManager::randomWord(5)));
/**
 * Builds the "admin" settings page and handles the admin-tab POST actions.
 *
 * Action dispatch (all read through getRequestValue(..., 'post')):
 *  - get_backup=true       -> send_backup_zip() (only when gzopen() exists)
 *  - chanceadmin=true      -> echo set_admin_para() and exit
 *  - newname/newpw/...     -> setPassword() for the root login (ROOT only)
 *  - newusername/...       -> setPassword() for the secondary user login
 *  - deluser=true          -> clears the user login (ROOT only)
 *  - chmodupdate=true      -> validates/stores chmodnewfilesatts, re-chmods files
 * Afterwards the settings rows are collected in $template / $error and
 * rendered by contend_template().
 *
 * Uses globals $ADMIN_CONF, $loginpassword and $specialchars.
 *
 * NOTE(review): the action branches rely on ajax_return() terminating the
 * request; that is not visible here — confirm it, because the chmod branch
 * would otherwise go on to store an invalid mode after reporting the error.
 *
 * @return string rendered page content
 */
function admin()
{
    global $ADMIN_CONF;
    global $loginpassword;
    global $specialchars;

    if (function_exists('gzopen') and getRequestValue('get_backup', 'post') == "true") {
        send_backup_zip();
    }

    if (getRequestValue('chanceadmin', 'post') == "true") {
        echo set_admin_para();
        exit;
    } elseif (getRequestValue('newpw', 'post') or getRequestValue('newname', 'post') or getRequestValue('newpwrepeat', 'post') or getRequestValue('newuserpw', 'post') or getRequestValue('newusername', 'post') or getRequestValue('newuserpwrepeat', 'post')) {
        // Root credentials: all three fields must be present and non-empty.
        if (false !== ($newname = getRequestValue('newname', 'post', false)) and false !== ($newpw = getRequestValue('newpw', 'post', false)) and false !== ($newpwrepeat = getRequestValue('newpwrepeat', 'post', false)) and $newname != "" and $newpw != "" and $newpwrepeat != "") {
            if (ROOT) {
                // setPassword() is expected to compare newpw with newpwrepeat itself.
                echo setPassword($newname, $newpw, $newpwrepeat, "root");
                exit;
            } else {
                ajax_return("error", true, returnMessage(false, getLanguageValue("error_no_root")), true, true);
            }
        } elseif (false !== ($newusername = getRequestValue('newusername', 'post', false)) and false !== ($newuserpw = getRequestValue('newuserpw', 'post', false)) and false !== ($newuserpwrepeat = getRequestValue('newuserpwrepeat', 'post', false)) and $newusername != "" and $newuserpw != "" and $newuserpwrepeat != "") {
            // Secondary user credentials: unlike the root branch there is no ROOT check here.
            echo setPassword($newusername, $newuserpw, $newuserpwrepeat, "user");
            exit;
        } else {
            ajax_return("error", true, returnMessage(false, getLanguageValue("pw_error_missingvalues")), true, true);
        }
    } elseif (getRequestValue('deluser', 'post') == "true") {
        if (ROOT) {
            // Removing the secondary user = blanking its name and password hash.
            $user = $loginpassword->get("username");
            $loginpassword->set("username", "");
            $loginpassword->set("userpw", "");
            ajax_return("success", true, returnMessage(true, '<b>' . $user . '</b> ' . getLanguageValue("admin_messages_del_user")), true, true);
        } else {
            ajax_return("error", true, returnMessage(false, getLanguageValue("error_no_root")), true, true);
        }
    } elseif (USE_CHMOD and getRequestValue('chmodupdate', 'post') == "true" and false !== ($chmodnewfilesatts = getRequestValue('chmodnewfilesatts', 'post')) and $chmodnewfilesatts != "") {
        // Only a three-digit octal mode is accepted.
        if (!preg_match("/^[0-7]{3}\$/", $chmodnewfilesatts)) {
            ajax_return("error", true, returnMessage(false, getLanguageValue("admin_error_chmodnewfilesatts")), true, true);
        }
        if ($ADMIN_CONF->get('chmodnewfilesatts') != $chmodnewfilesatts) {
            $ADMIN_CONF->set('chmodnewfilesatts', $chmodnewfilesatts);
        }
        if (true !== ($error = setUserFilesChmod())) {
            ajax_return("error", true, $error, true, true);
        }
        ajax_return("success", true, returnMessage(false, getLanguageValue("admin_messages_chmod")), true, true);
    }

    $pagecontent = "";
    $template = array();
    $error = array();
    // Rows a non-root login may see; ROOT sees every row.
    $show = $ADMIN_CONF->get("admin");
    if (!is_array($show)) {
        $show = array();
    }
    $titel = "admin_button";

    if (ROOT or in_array("language", $show)) {
        $count = 0;
        if (isset($template[$titel])) {
            $count = count($template[$titel]);
        }
        // Row "LANGUAGE SELECTION"
        $language_array = getDirAsArray(BASE_DIR_ADMIN . 'sprachen', "file", "natcasesort");
        if (count($language_array) <= 0) {
            $error[$titel][$count] = getLanguageValue("admin_error_language_empty");
        } elseif (!in_array("language_" . $ADMIN_CONF->get('language') . ".txt", $language_array)) {
            $error[$titel][$count] = getLanguageValue("admin_error_languagefile_error") . "<br />" . ADMIN_DIR_NAME . "/sprachen/language_" . $ADMIN_CONF->get('language') . ".txt";
        } else {
            $error[$titel][$count] = false;
        }
        $admin_inhalt = '<div class="mo-select-div"><select name="language" class="mo-select js-language">';
        foreach ($language_array as $element) {
            if (substr($element, 0, 9) == "language_") {
                $selected = NULL;
                // Scan the language file for its "_translator=" line; the value
                // is emitted into the option label unescaped (file is admin-owned).
                $tmp_array = file(BASE_DIR_ADMIN . "sprachen/" . $element);
                $currentlanguage = NULL;
                foreach ($tmp_array as $line) {
                    if (preg_match("/^#/", $line) || preg_match("/^\\s*\$/", $line)) {
                        continue;
                    }
                    if (preg_match("/^([^=]*)=(.*)/", $line, $matches)) {
                        if (trim($matches[1]) == "_translator") {
                            $currentlanguage = trim($matches[2]);
                            break;
                        }
                    }
                }
                // The language code is characters 9-12 of "language_XXXX.txt".
                if (substr($element, 9, 4) == $ADMIN_CONF->get("language")) {
                    $selected = "selected ";
                }
                $admin_inhalt .= "<option " . $selected . "value=\"" . substr($element, 9, 4) . "\">" . substr($element, 9, 4) . " (" . getLanguageValue("admin_input_translator") . " " . $currentlanguage . ")</option>";
            }
        }
        $admin_inhalt .= "</select></div>";
        $template[$titel][] = array(getLanguageValue("admin_input_language"), $admin_inhalt);
    }

    // Row "ADMIN-MAIL"
    if (ROOT or in_array("adminmail", $show)) {
        if (function_exists("isMailAvailable")) {
            $template[$titel][] = array(getLanguageValue("admin_text_adminmail"), '<input type="text" class="mo-input-text" name="adminmail" value="' . $specialchars->rebuildSpecialChars($ADMIN_CONF->get("adminmail"), true, true) . '" />');
        }
    }

    // Row "BACKUP REMINDER"
    if (ROOT or in_array("backupmsgintervall", $show)) {
        $template[$titel][] = array(getLanguageValue("admin_text_backup"), '<input type="text" class="mo-input-digit js-in-digit" name="backupmsgintervall" value="' . $ADMIN_CONF->get("backupmsgintervall") . '" />');
    }

    // Row "Backup": one checkbox per backup component, each labelled with its size.
    if (ROOT or in_array("getbackup", $show)) {
        if (function_exists('gzopen')) {
            $cms_size = dirsize(BASE_DIR_ADMIN) + dirsize(BASE_DIR_CMS);
            if (false !== ($tmp_size = dirsize(BASE_DIR . "jquery/"))) {
                $cms_size += $tmp_size;
            }
            $cms_input = buildCheckBox("backup_include_cms", "true", getLanguageValue("admin_button_include_cms") . " (<span class=\"js-file-size\">" . convertFileSizeUnit($cms_size) . "</span>)") . '<br />';
            $catpage_input = "";
            if (false !== ($tmp_size = dirsize(CONTENT_DIR_REL))) {
                $catpage_input = buildCheckBox("backup_include_catpage", "false", getLanguageValue("admin_button_include_catpage") . " (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $gallery_input = "";
            if (false !== ($tmp_size = dirsize(GALLERIES_DIR_REL))) {
                $gallery_input = buildCheckBox("backup_include_gallery", "false", getLanguageValue("admin_button_include_gallery") . " (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $layouts_input = "";
            if (false !== ($tmp_size = dirsize(BASE_DIR . LAYOUT_DIR_NAME))) {
                $layouts_input = buildCheckBox("backup_include_layouts", "false", getLanguageValue("admin_button_include_layouts") . " (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $plugins_input = "";
            if (false !== ($tmp_size = dirsize(BASE_DIR . PLUGIN_DIR_NAME))) {
                $plugins_input = buildCheckBox("backup_include_plugins", "false", getLanguageValue("admin_button_include_plugins") . " (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $docu_input = "";
            if (false !== ($tmp_size = dirsize(BASE_DIR . "docu/"))) {
                $docu_input = buildCheckBox("backup_include_docu", "false", getLanguageValue("admin_button_include_docu") . " (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $template[$titel][] = array(getLanguageValue("admin_text_get_backup"), '<form action="index.php?action=' . ACTION . '" method="post">' . '<input type="hidden" name="get_backup" value="true" />' . $cms_input . $catpage_input . $gallery_input . $layouts_input . $plugins_input . $docu_input . '<div style="font-size:.4em;"> </div>' . '<input type="submit" name="admin_button_get_backup" value="' . getLanguageValue("admin_button_get_backup") . '" />' . '<span class="js-file-size-summe mo-padding-left">' . convertFileSizeUnit($cms_size) . '</span>' . '</form>');
        }
    }

    // Row "SET FILE PERMISSIONS FOR NEW FILES"
    if (ROOT or in_array("chmodnewfilesatts", $show)) {
        if (USE_CHMOD) {
            $template[$titel][] = array(getLanguageValue("admin_text_chmodnewfiles"), '<input type="text" class="mo-input-digit js-in-chmod" size="4" maxlength="3" name="chmodnewfilesatts" value="' . $ADMIN_CONF->get("chmodnewfilesatts") . '" /><br /><br />' . '<input type="button" name="chmodupdate" value="' . getLanguageValue("admin_input_chmodupdate") . '" />');
        }
    }

    // Row "UPLOAD FILTER"
    if (ROOT or in_array("noupload", $show)) {
        $template[$titel][] = array(getLanguageValue("admin_text_uploadfilter"), '<input type="text" class="mo-input-text" name="noupload" value="' . $specialchars->rebuildSpecialChars($ADMIN_CONF->get("noupload"), true, true) . '" />');
    }

    // Already declared at the top of the function; the repeat is harmless.
    global $loginpassword;

    // Root credentials form. NOTE(review): the stored login name is placed in
    // the value attribute without escaping — acceptable only if setPassword()
    // restricts the characters it accepts; confirm.
    if (ROOT) {
        $template[$titel][] = getLanguageValue("pw_text_login") . '<br /><br />' . getLanguageValue("pw_help") . '<table width="100%" cellspacing="0" border="0" cellpadding="0" class="">' . '<tr><td> </td><td class="mo-in-li-r">' . getLanguageValue("pw_titel_newname") . '</td><td class="mo-in-li-r">' . '<input type="text" class="js-in-pwroot mo-input-text" name="newname" value="' . $loginpassword->get("name") . '" />' . '</td></tr>' . '<tr><td> </td><td>' . getLanguageValue("pw_titel_newpw") . '</td><td>' . '<input type="password" class="js-in-pwroot mo-input-text" value="' . NULL . '" name="newpw" />' . '</td></tr>' . '<tr><td> </td><td>' . getLanguageValue("pw_titel_newpwrepeat") . '</td><td>' . '<input type="password" class="js-in-pwroot mo-input-text" value="" name="newpwrepeat" />' . '</td></tr>' . "</table>";
    }

    // Secondary user credentials form; ROOT additionally gets the delete
    // button and the per-area permission checkboxes.
    if (ROOT or in_array("userpassword", $show)) {
        $deluser = NULL;
        $user_allowed_settings = NULL;
        if (ROOT) {
            // NOTE(review): the leading '******' literal looks garbled in this
            // copy (the opening table cells are missing); restore from the
            // original source.
            $deluser = '******' . '<input type="button" name="deluser" value="' . getLanguageValue("admin_button_del_user") . '" />' . '<div style="font-size:.4em;"> </div>' . '</td></tr>';
            $user_allowed_settings = '<br />' . '<div class="ui-helper-clearfix">' . '<div class="mo-in-li-l">' . getLanguageValue("admin_noroot_text") . '</div>' . '<div class="mo-in-li-r">' . userSettings("tabs") . '<div style="font-size:.4em;"> </div>' . userSettings("config") . '<div style="font-size:.4em;"> </div>' . userSettings("admin") . '<div style="font-size:.4em;"> </div>' . userSettings("plugins") . '<div style="font-size:.4em;"> </div>' . userSettings("template") . '</div>' . '</div>';
        }
        $template[$titel][] = getLanguageValue("userpw_text_login") . '<br /><br />' . getLanguageValue("pw_help") . '<table width="100%" cellspacing="0" border="0" cellpadding="0" class="">' . $deluser . '<tr><td> </td><td class="mo-in-li-r">' . getLanguageValue("userpw_titel_newname") . '</td><td class="mo-in-li-r">' . '<input type="text" class="js-in-pwuser mo-input-text" name="newusername" value="' . $loginpassword->get("username") . '" />' . '</td></tr>' . '<tr><td> </td><td>' . getLanguageValue("userpw_titel_newpw") . '</td><td>' . '<input type="password" class="js-in-pwuser mo-input-text" value="' . NULL . '" name="newuserpw" />' . '</td></tr>' . '<tr><td> </td><td>' . getLanguageValue("userpw_titel_newpwrepeat") . '</td><td>' . '<input type="password" class="js-in-pwuser mo-input-text" value="" name="newuserpwrepeat" />' . '</td></tr>' . "</table>" . $user_allowed_settings;
    }

    $pagecontent .= contend_template($template, $error);
    return $pagecontent;
}
/**
 * Send password
 *
 * Looks up the admin row by its lost-password key, generates a new password,
 * stores it, invalidates the key and mails the new password in clear text to
 * the address on file.
 *
 * NOTE(review): the password is replaced before the mail goes out and the
 * function returns TRUE even when mail() reports failure (only the log line
 * records "NOT OK"), so a delivery failure leaves the user with a password
 * they never received. Consider surfacing $mailResult to the caller.
 *
 * @param string $uniqueKey
 * @return bool TRUE when password was sended, FALSE otherwise
 */
function sendPassword($uniqueKey)
{
    /** @var $cfg iMSCP_Config_Handler_File */
    $cfg = iMSCP_Registry::get('config');

    // Parameterised lookup; $uniqueKey never reaches the SQL text.
    $stmt = exec_query('SELECT `admin_name`, `created_by`, `fname`, `lname`, `email` FROM `admin` WHERE `uniqkey` = ?', $uniqueKey);

    // NOTE(review): rowCount() on a SELECT is driver-dependent; presumably
    // exec_query() returns a buffered result — confirm.
    if ($stmt->rowCount()) {
        $adminName = $stmt->fields['admin_name'];
        $createdBy = $stmt->fields['created_by'];
        $adminFirstName = $stmt->fields['fname'];
        $adminLastName = $stmt->fields['lname'];
        $to = $stmt->fields['email'];

        $userPassword = passgen();
        setPassword($uniqueKey, $userPassword);
        // NOTE(review): this call appears garbled in this copy ('******' is
        // not valid PHP); restore it from the original source.
        write_log('Lostpassword: '******': password updated', E_USER_NOTICE);

        // One-shot key: clear it so the link cannot be replayed.
        exec_query('UPDATE `admin` SET `uniqkey` = ?, `uniqkey_time` = ? WHERE `uniqkey` = ?', array('', '', $uniqueKey));

        // System-created accounts (created_by = 0) use the mail template of admin 1.
        if ($createdBy == 0) {
            $createdBy = 1;
        }

        $data = get_lostpassword_password_email($createdBy);
        $fromName = $data['sender_name'];
        $fromEmail = $data['sender_email'];
        $subject = $data['subject'];
        $message = $data['message'];

        $baseServerVhostPrefix = $cfg['BASE_SERVER_VHOST_PREFIX'];
        $baseServerVhost = $cfg['BASE_SERVER_VHOST'];
        // Port suffix for the panel URL. The inner ternary is the middle
        // operand of the outer one, i.e.
        //   prefix == 'http://' ? (http-port check) : (https-port check)
        // and the scheme's default port yields an empty suffix.
        $baseServerVhostPort = $baseServerVhostPrefix == 'http://' ? $cfg['BASE_SERVER_VHOST_HTTP_PORT'] == '80' ? '' : ':' . $cfg['BASE_SERVER_VHOST_HTTP_PORT'] : ($cfg['BASE_SERVER_VHOST_HTTPS_PORT'] == '443' ? '' : ':' . $cfg['BASE_SERVER_VHOST_HTTPS_PORT']);

        // Sender comes from the stored mail template, not from the request.
        if ($fromName) {
            $from = '"' . $fromName . '" <' . $fromEmail . '>';
        } else {
            $from = $fromEmail;
        }

        // Placeholder substitution in subject and body.
        $search = array();
        $replace = array();
        $search[] = '{USERNAME}';
        $replace[] = $adminName;
        $search[] = '{NAME}';
        $replace[] = $adminFirstName . " " . $adminLastName;
        $search[] = '{PASSWORD}';
        $replace[] = $userPassword;
        $search[] = '{BASE_SERVER_VHOST_PREFIX}';
        $replace[] = $baseServerVhostPrefix;
        $search[] = '{BASE_SERVER_VHOST}';
        $replace[] = $baseServerVhost;
        $search[] = '{BASE_SERVER_VHOST_PORT}';
        $replace[] = $baseServerVhostPort;
        $subject = str_replace($search, $replace, $subject);
        $message = str_replace($search, $replace, $message);

        $headers = 'From: ' . $from . "\n";
        $headers .= "MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\n";
        $headers .= "Content-Transfer-Encoding: 7bit\n";
        $headers .= 'X-Mailer: i-MSCP mailer';

        $mailResult = mail($to, $subject, $message, $headers);
        $mailStatus = $mailResult ? 'OK' : 'NOT OK';

        $from = tohtml($from);
        write_log("Lostpassword activated: To: |{$to}|, From: |{$from}|, Status: |{$mailStatus}| !", E_USER_NOTICE);

        return true;
    }

    return false;
}
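// ============================================================================
// ============================================================================
// POST Method
// ============================================================================
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Prevent editors users to administrate other users: a non-admin is pinned
    // to their own username and can never submit a role.
    if ($Login->role() !== 'admin') {
        $_POST['username'] = $Login->username();
        unset($_POST['role']);
    }

    // One action per request, chosen by the submit button that was pressed.
    // NOTE(review): a non-admin can still reach delete-user-all for their own
    // account; confirm deleteUser() enforces whatever policy applies there.
    if (isset($_POST['delete-user-all'])) {
        deleteUser($_POST, true);
    } elseif (isset($_POST['delete-user-associate'])) {
        deleteUser($_POST, false);
    } elseif (isset($_POST['change-password'])) {
        setPassword($_POST);
    } elseif (isset($_POST['edit-user'])) {
        editUser($_POST);
    }
}

// ============================================================================
// Main after POST
// ============================================================================
if ($Login->role() !== 'admin') {
    $layout['parameters'] = $Login->username();
}

$_user = $dbUsers->getDb($layout['parameters']);

// If the user doesn't exist, redirect to the users list.
if ($_user === false) {
    Redirect::page('admin', 'users');
}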
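die(json_encode(array("status" => "ok"))); }
// response to create pad form
if (isset($_POST['createPadinGroup'])) {
    $isSitzung = isset($_POST['start_sitzung']);
    if ($isSitzung) {
        $padname = 'Sitzung' . date('Ymd');
        // The pad password is written into the pad text below, so it only has
        // to be unguessable from outside; use the CSPRNG rather than mt_rand(),
        // whose output can be reconstructed from a few observed values.
        $passwd = random_int(10000, 99999);
    } else {
        // A missing field becomes '' (createGroupPad() is expected to reject
        // it) instead of an undefined-index notice.
        $padname = isset($_POST['pad_name']) ? $_POST['pad_name'] : '';
        $starttext = "Willkommen im wesentlichen Etherpad auf D120.de!\r\n\r\n";
    }
    try {
        $instance->createGroupPad($groupmap[$group], $padname, '');
        // Etherpad group pad ids are "<groupId>$<padName>"; build it once.
        $padid = $groupmap[$group] . '$' . $padname;
        if ($isSitzung) {
            $shortlink = 'si' . date('md');
            $sldb->store($padid, $shortlink);
            $instance->setPublicStatus($padid, true);
            setPassword($padid, $passwd);
            $starttext = file_get_contents('template-sitzung.txt');
            $starttext = str_replace("{{heute}}", date("d.m.Y"), $starttext);
            $starttext = "Kurzlink zum Pad: " . SHORTLNK_PREFIX . $shortlink . "\nPasswort: {$passwd}\n\n" . $starttext;
            $instance->setText($padid, $starttext);
        }
        // The pad name comes straight from the request and the infobox cookie
        // is rendered as HTML by the next page, so escape it for the HTML body
        // and encode it for the URL query.
        $safeName = htmlspecialchars($padname, ENT_QUOTES, 'UTF-8');
        $openUrl = SELF_URL . '?group=' . rawurlencode($group) . '&show=' . rawurlencode($padname);
        setcookie("infobox", "<div class='alert alert-success'><button type='button' class='close' onclick='location=location.href'><span aria-hidden='true'>×</span><span class='sr-only'>Close</span></button>\n <h4><i class='glyphicon glyphicon-ok-circle'></i> Pad " . $safeName . " erfolgreich angelegt!</h4>" . '<p><a href="' . htmlspecialchars($openUrl, ENT_QUOTES, 'UTF-8') . '" class="btn btn-success btn-lg">Jetzt öffnen</a></p> </div>');
    } catch (Exception $e) {
        // Exception text can echo request data back; escape it as well.
        setcookie("infobox", "<div class='alert alert-danger'><button type='button' class='close' onclick='location=location.href'><span aria-hidden='true'>×</span><span class='sr-only'>Close</span></button>\n <h4><i class='glyphicon glyphicon-warning-sign'></i> Neues Pad konnte nicht erstellt werden.</h4>\n <p>" . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "</p></div>\n");
    }
    // NOTE(review): there is no exit after the redirect headers, so the rest
    // of the script keeps executing for this request.
    header("HTTP/1.1 303 See other");
    header("Location: " . SELF_URL . $group);
}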
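setError('Fehler beim speichern des Nachnamen!'); } }
header("location: {$SETTINGS['url']}/settings");
exit;
}

if (isset($_POST['password']) && isset($_POST['password2'])) {
    $password = $_POST['password'];
    $password2 = $_POST['password2'];
    // Length is checked on the trimmed value, but the untrimmed value is stored.
    if (strlen(trim($password)) < 5) {
        setError('Passwort zu kurz!');
    } elseif ($password !== $password2) {
        // Strict comparison: with != two numeric-looking strings such as
        // "1e3" and "1000" would have counted as a matching repeat.
        setError('Du hast das Passwort nicht richtig wiederholt!');
    } elseif (setPassword($_SESSION['userid'], $password)) {
        setInfo('Passwort gespeichert!');
    } else {
        setError('Fehler beim speichern des Passwortes!');
    }
    header("location: {$SETTINGS['url']}/settings");
    exit;
}

$TITLE = 'Einstellungen';
$CONTENT = <<<EOT
<h2>Einstellungen</h2>
<div class="settingsbox">
\t<form method="post" action="{$SETTINGS['path']}/settings">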
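}
//prevent missing language file
// The session's language entry must be one of the configured languages; that
// membership test is what keeps the require_once below pointed at a known
// file under common/lang/. Array keys are quoted: bare-word keys are an
// undefined-constant error on PHP 8 (and a notice before that).
if (in_array($_SESSION[$_SESSION["CFGURL"]]['lang'], $idiomas_disponibles)) {
    require_once T3_ABSPATH . 'common/lang/' . $_SESSION[$_SESSION["CFGURL"]]['lang'][1];
} else {
    require_once T3_ABSPATH . 'common/lang/' . $idiomas_disponibles['en'][1];
}

// Maintenance trigger. The expected token is a slice of md5(today's date),
// so it is derivable from the date alone and is not a secret in any strong
// sense; compare it as a string in constant time and reject non-string input
// (the previous == let numeric-looking values match by numeric value).
$cmdlogToken = substr(md5(date("Ymd")), 5, 10);
if (isset($_GET['cmdlog']) && is_string($_GET['cmdlog']) && hash_equals($cmdlogToken, $_GET['cmdlog'])) {
    //Save stadistics
    $stats = doLastModified();
    unset($_SESSION[$_SESSION["CFGURL"]]);
    // NOTE(review): no exit after the redirect; the login handling below still runs.
    header("Location:index.php");
}

if (!empty($_POST['id_correo_electronico'])) {
    $chk_user = ARRAYcheckLogin($_POST['id_correo_electronico']);
    if ($chk_user["user_id"]) {
        //if the hash not hashed because the admin of tematres change the CFG_HASH_PASS config in db.tematres.php
        // Legacy rows hold a shorter, unhashed value: re-hash it in place and re-read the row.
        if (strlen($chk_user["pass"]) < 34 && CFG_HASH_PASS) {
            setPassword($chk_user["user_id"], $chk_user['pass'], CFG_HASH_PASS);
            $chk_user = ARRAYcheckLogin($_POST['id_correo_electronico']);
        }
        $submittedPassword = isset($_POST["id_password"]) ? $_POST["id_password"] : '';
        if (check_password($submittedPassword, $chk_user["pass"])) {
            // NOTE(review): consider session_regenerate_id(true) here so a
            // pre-login session id does not survive authentication.
            $_SESSION[$_SESSION["CFGURL"]]['ssuser_id'] = $chk_user["user_id"];
            $_SESSION[$_SESSION["CFGURL"]]['ssuser_nivel'] = $chk_user["nivel"];
            $_SESSION[$_SESSION["CFGURL"]]['ssuser_nombre'] = $chk_user["name"];
            //redirigir
            header("Location:index.php");
        }
    }
}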
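echo '<script>showError("New password confirmation failed");</script>';
} else {
    // Define $username and $password
    $newPassword = $_POST['newPw'];
    $oldPassword = $_POST['oldPw'];
    $confNewPassword = $_POST['confNewPw'];
    // To protect MySQL injection for Security purpose
    // NOTE(review): escaping happens *before* hashing, so a password that
    // contains a quote or backslash is hashed in its escaped form; the login
    // path must do exactly the same or such passwords never verify. Hashing
    // the raw value and binding parameters (ideally password_hash() /
    // password_verify() instead of md5) avoids both problems;
    // mysql_real_escape_string() no longer exists in PHP 7+.
    $newPassword = stripslashes($newPassword);
    $oldPassword = stripslashes($oldPassword);
    $confNewPassword = stripslashes($confNewPassword);
    $newPassword = mysql_real_escape_string($newPassword);
    $oldPassword = mysql_real_escape_string($oldPassword);
    $confNewPassword = mysql_real_escape_string($confNewPassword);
    $arr = getPassword($login_session);
    $existingPw = $arr["password"];
    //hash using md5 enryption
    $hashedOldPassword = md5($oldPassword);
    // Strict comparison: with == two hex digests of the form "0e<digits>"
    // compare equal as numbers (both are 0), which would accept a wrong old
    // password.
    if ($existingPw === $hashedOldPassword) {
        $hashedNewPassword = md5($newPassword);
        //set the new password
        setPassword($login_session, $hashedNewPassword);
        echo '<script>showSuccess("Password successfully changed");</script>';
        echo '<script type="text/javascript">var myVar = setTimeout(function () {reDirect()}, 3000);</script>';
    } else {
        echo '<script>showError("Old Password is incorrect!");</script>';
    }
}
} } }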
/**
 * Runs the three initialisers, in order, when the object is created.
 *
 * NOTE(review): these are plain function calls, not `$this->setName()` etc.;
 * confirm that is intended and that the functions exist at file scope.
 */
function __construct()
{
    $initialisers = array('setName', 'setUsername', 'setPassword');
    foreach ($initialisers as $initialiser) {
        $initialiser();
    }
}
/**
 * Creates the object from its three credentials, handing each to its setter.
 *
 * NOTE(review): the setters are called as plain functions rather than
 * `$this->setUsername()` etc.; confirm that is intended.
 *
 * @param string $username
 * @param string $password
 * @param string $email
 */
public function __construct($username, $password, $email)
{
    $setters = array(
        'setUsername' => $username,
        'setPassword' => $password,
        'setEmail' => $email,
    );
    foreach ($setters as $setter => $value) {
        $setter($value);
    }
}
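} else {
    if (setLastName($userid, $newlastname)) {
        setInfo('Nachname wurde gespeichert!');
    } else {
        setError('Fehler beim speichern des Nachnamen!');
    }
}
header("location: {$SETTINGS['url']}/user/{$userid}");
exit;
}

if (isset($_POST['password'])) {
    $password = $_POST['password'];
    // Length is checked on the trimmed value, but the untrimmed value is stored.
    if (strlen(trim($password)) < 5) {
        setError('Passwort zu kurz!');
    } elseif (setPassword($userid, $password)) {
        setInfo('Passwort gespeichert!');
    } else {
        setError('Fehler beim speichern des Passwortes!');
    }
    header("location: {$SETTINGS['url']}/user/{$userid}");
    exit;
}

if (isset($_POST['delete']) && isset($_POST['code'])) {
    $code = $_POST['code'];
    // The confirmation code is a server-issued secret: require that one has
    // been issued and compare it as a string in constant time. The previous
    // == accepted an empty code when no code was in the session and let
    // numeric-looking input match by numeric value.
    if (isset($_SESSION['deletecode']) && is_string($code) && hash_equals($_SESSION['deletecode'], $code)) {
        // Rotate the code with CSPRNG output (same 40-hex-char shape as sha1()).
        $code = bin2hex(random_bytes(20));
        $_SESSION['deletecode'] = $code;
        header("location: {$SETTINGS['url']}/user/{$userid}/{$code}");
        exit;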
/**
 * Replaces the stored credential for $nick with the hex SHA-256 digest of
 * $newPassword and returns whatever setPassword() returns.
 *
 * NOTE(review): this is a single unsalted hash, so identical passwords yield
 * identical stored values; password_hash()/password_verify() would be the
 * usual replacement, but that also requires changing the verification path.
 *
 * @param string $nick
 * @param string $newPassword
 * @return mixed result of setPassword()
 */
function changePassword($nick, $newPassword)
{
    return setPassword($nick, hash("sha256", $newPassword, false));
}
/**
 * Lost-password completion: looks up the admin row by its one-time key,
 * generates and stores a new password, clears the key and mails the new
 * password in clear text to the address on file.
 *
 * NOTE(review): the password is replaced before the mail goes out and the
 * function returns true even when mail() fails (only the log records
 * "NOT OK"), so a delivery failure leaves the user with a password they
 * never received.
 *
 * @param string $uniqkey one-time key from the reset link
 * @return bool true when a matching key was found and processed, false otherwise
 */
function sendpassword($uniqkey)
{
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    // Parameterised lookup; $uniqkey never reaches the SQL text.
    $query = "\n\t\tSELECT\n\t\t\t`admin_name`, `created_by`, `fname`, `lname`, `email`\n\t\tFROM\n\t\t\t`admin`\n\t\tWHERE\n\t\t\t`uniqkey` = ?\n\t";
    $res = exec_query($sql, $query, $uniqkey);

    if ($res->recordCount() == 1) {
        $admin_name = $res->fields['admin_name'];
        $created_by = $res->fields['created_by'];
        $admin_fname = $res->fields['fname'];
        $admin_lname = $res->fields['lname'];
        $to = $res->fields['email'];

        $upass = passgen();
        setPassword($uniqkey, $upass);
        // NOTE(review): this call appears garbled in this copy ('******' is
        // not valid PHP); restore it from the original source.
        write_log('Lostpassword: '******': password updated');

        // One-shot key: clear it so the link cannot be replayed.
        $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`uniqkey` = ?,\n\t\t\t\t`uniqkey_time` = ?\n\t\t\tWHERE\n\t\t\t\t`uniqkey` = ?\n\t\t";
        exec_query($sql, $query, array('', '', $uniqkey));

        // System-created accounts (created_by = 0) use the mail template of admin 1.
        if ($created_by == 0) {
            $created_by = 1;
        }

        $data = get_lostpassword_password_email($created_by);
        $from_name = $data['sender_name'];
        $from_email = $data['sender_email'];
        $subject = $data['subject'];
        $message = $data['message'];

        $base_vhost = $cfg->BASE_SERVER_VHOST;
        $base_vhost_prefix = $cfg->BASE_SERVER_VHOST_PREFIX;

        // Sender comes from the stored mail template, not from the request.
        if ($from_name) {
            $from = '"' . $from_name . '" <' . $from_email . '>';
        } else {
            $from = $from_email;
        }

        // Placeholder substitution in subject and body.
        $search = array();
        $replace = array();
        $search[] = '{USERNAME}';
        $replace[] = $admin_name;
        $search[] = '{NAME}';
        $replace[] = $admin_fname . " " . $admin_lname;
        $search[] = '{PASSWORD}';
        $replace[] = $upass;
        $search[] = '{BASE_SERVER_VHOST}';
        $replace[] = $base_vhost;
        $search[] = '{BASE_SERVER_VHOST_PREFIX}';
        $replace[] = $base_vhost_prefix;
        $subject = str_replace($search, $replace, $subject);
        $message = str_replace($search, $replace, $message);

        $headers = 'From: ' . $from . "\n";
        $headers .= "MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\nContent-Transfer-Encoding: 7bit\n";
        $headers .= 'X-Mailer: EasySCP lostpassword mailer';

        $mail_result = mail($to, $subject, $message, $headers);
        $mail_status = $mail_result ? 'OK' : 'NOT OK';

        $from = tohtml($from);
        write_log("Lostpassword activated: To: |{$to}|, From: |{$from}|, Status: |{$mail_status}| !", E_USER_NOTICE);

        return true;
    }

    return false;
}
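// ============================================================================
// ============================================================================
// POST Method
// ============================================================================
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Prevent editors to administrate other users: a non-admin is pinned to
    // their own username and can never submit a role.
    if ($Login->role() !== 'admin') {
        $_POST['username'] = $Login->username();
        unset($_POST['role']);
    }

    // A password change is requested when both fields were submitted and are
    // non-empty strings. This deliberately does not use empty(): a password
    // of "0" is empty() and was silently routed to editUser() instead.
    $hasNewPassword = isset($_POST['new-password']) && $_POST['new-password'] !== '';
    $hasConfirmPassword = isset($_POST['confirm-password']) && $_POST['confirm-password'] !== '';

    if (isset($_POST['delete-user-all'])) {
        deleteUser($_POST, true);
    } elseif (isset($_POST['delete-user-associate'])) {
        deleteUser($_POST, false);
    } elseif ($hasNewPassword && $hasConfirmPassword) {
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        setPassword($username, $_POST['new-password'], $_POST['confirm-password']);
    } else {
        editUser($_POST);
    }
}

// ============================================================================
// Main after POST
// ============================================================================
if ($Login->role() !== 'admin') {
    $layout['parameters'] = $Login->username();
}

$_user = $dbUsers->getDb($layout['parameters']);

// If the user doesn't exist, redirect to the users list.
if ($_user === false) {
    Redirect::page('admin', 'users');
}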
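/**
 * Normalises the editable user fields coming from doArrayDatosUser(): trims
 * all five and SQL-quotes the four text columns with $DB->qstr(). 'pass' is
 * only trimmed, because it is hashed by setPassword() rather than inlined.
 *
 * The second qstr() argument is the "magic quotes already applied" flag. It
 * used to be get_magic_quotes_gpc(), which has returned false since PHP 5.4
 * and was removed in PHP 8, so false is passed directly.
 *
 * @param array  $fields user data keyed by apellido/nombres/mail/pass/orga
 * @param object $DB     ADOdb-style connection providing qstr()
 * @return array the same array with the fields trimmed/quoted
 */
function admin_users_escape_fields($fields, $DB)
{
    foreach (array('apellido', 'nombres', 'mail', 'pass', 'orga') as $key) {
        $fields[$key] = trim($fields[$key]);
    }
    foreach (array('apellido', 'nombres', 'mail', 'orga') as $key) {
        $fields[$key] = $DB->qstr($fields[$key], false);
    }
    return $fields;
}

/**
 * Creates, updates or changes the status of a user row.
 *
 * Array keys are quoted throughout: the bare-word keys this used to have are
 * an undefined-constant error on PHP 8 (a notice with string fallback before).
 *
 * @param string $do      'actua' (update), 'estado' (set status) or 'alta' (create)
 * @param string $user_id target user id for 'actua'/'estado'; empty for 'alta'
 * @return string|int the affected user id ('alta' returns the new id)
 */
function admin_users($do, $user_id = "")
{
    global $DBCFG;
    global $DB;
    // Acting user's id; written to the row's uid column.
    $userId = $_SESSION[$_SESSION["CFGURL"]]['ssuser_id'];

    // Load the target user and, if it is an admin, count the active admins so
    // the last one can never be demoted or deactivated.
    if (is_numeric($user_id)) {
        $arrayUserData = ARRAYdatosUser($user_id);
        if ($arrayUserData['nivel'] == '1') {
            //Cehcquear que sea ADMIN
            $sqlCheckAdmin = SQL("select", "count(*) as cant from {$DBCFG['DBprefix']}usuario where nivel='1' and estado='ACTIVO'");
            $arrayCheckAdmin = $sqlCheckAdmin->FetchRow();
        }
    }
    // NOTE(review): when $user_id is not numeric, $arrayUserData and
    // $arrayCheckAdmin stay undefined and the 'actua'/'estado' UPDATEs run
    // with WHERE id='' — callers should validate the id before calling.

    switch ($do) {
        case 'actua':
            $POSTarrayUser = doArrayDatosUser($_POST);
            //Normalice admin
            $nivel = $POSTarrayUser["isAdmin"] == '1' ? '1' : '2';
            //Check have one admin user
            if ($arrayUserData["nivel"] == '1' && $arrayCheckAdmin["cant"] == '1') {
                $nivel = '1';
            }
            $POSTarrayUser = admin_users_escape_fields($POSTarrayUser, $DB);
            $POSTarrayUser["status"] = $POSTarrayUser["isAlive"] == 'ACTIVO' ? 'ACTIVO' : 'BAJA';
            //Check have one admin user
            if ($POSTarrayUser["status"] == 'BAJA' && $arrayUserData["nivel"] == '1' && $arrayCheckAdmin["cant"] == '1') {
                $POSTarrayUser["status"] = 'ACTIVO';
            }
            // Text columns are already quoted by qstr(); uid and id come from
            // the session and the DB row, not from the request.
            $sql = SQL("update", "{$DBCFG['DBprefix']}usuario\r\n\t\t\tSET apellido={$POSTarrayUser['apellido']},\r\n\t\t\tnombres= {$POSTarrayUser['nombres']},\r\n\t\t\tmail={$POSTarrayUser['mail']},\r\n\t\t\tuid='{$userId}',\r\n\t\t\torga= {$POSTarrayUser['orga']}\r\n\t\t\tWHERE id= '{$arrayUserData['user_id']}'");
            //set password
            if (strlen($POSTarrayUser['pass']) > 0) {
                setPassword($arrayUserData["user_id"], $POSTarrayUser['pass'], CFG_HASH_PASS);
            }
            //only admin
            if ($_SESSION[$_SESSION["CFGURL"]]["ssuser_nivel"] == '1') {
                // $nivel and status are normalised to fixed values above.
                $sql = SQL("update", "{$DBCFG['DBprefix']}usuario\r\n\t\t\t\tSET estado='{$POSTarrayUser['status']}',\r\n\t\t\t\tnivel='{$nivel}',\r\n\t\t\t\tuid='{$userId}',\r\n\t\t\t\thasta=now()\r\n\t\t\t\tWHERE id='{$arrayUserData['user_id']}'");
            }
            break;

        case 'estado':
            // NOTE(review): $POSTarrayUser is not populated in this case, so
            // "status" is unset here and $new_estado always resolves to 'BAJA'
            // (except for the last active admin). Confirm whether that is the
            // intended "deactivate" semantics or a missing doArrayDatosUser() call.
            $new_estado = $POSTarrayUser["status"] == 'ACTIVO' ? 'ACTIVO' : 'BAJA';
            //Check have one admin user
            if ($new_estado == 'BAJA' && $arrayUserData["nivel"] == '1' && $arrayCheckAdmin["cant"] == '1') {
                $new_estado = 'ACTIVO';
            }
            $sql = SQL("update", "{$DBCFG['DBprefix']}usuario\r\n\t\t\tSET estado='{$new_estado}',\r\n\t\t\tuid='{$userId}',\r\n\t\t\thasta=now()\r\n\t\t\tWHERE id='{$arrayUserData['user_id']}'\r\n\t\t\t");
            break;

        case 'alta':
            $POSTarrayUser = doArrayDatosUser($_POST);
            $nivel = $POSTarrayUser['isAdmin'] == '1' ? '1' : '2';
            $POSTarrayUser = admin_users_escape_fields($POSTarrayUser, $DB);
            // uid and nivel are bound as parameters; the text columns are qstr()-quoted.
            $sql = SQLo("insert", "into {$DBCFG['DBprefix']}usuario\r\n\t\t\t(apellido, nombres, uid, cuando, mail, orga, nivel, estado, hasta)\r\n\t\t\tVALUES\r\n\t\t\t({$POSTarrayUser['apellido']}, {$POSTarrayUser['nombres']}, ?, now(), {$POSTarrayUser['mail']}, {$POSTarrayUser['orga']}, ?, 'ACTIVO', now())", array($userId, $nivel));
            $user_id = $sql['cant'];
            //set password
            setPassword($user_id, $POSTarrayUser['pass'], CFG_HASH_PASS);
            break;
    }

    return $user_id;
}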
/**
 * Generates a fresh password for the given user, stores it hashed and mails
 * it (in clear text) to the user's address together with the login URL.
 *
 * @param array $ARRAYuser user row with at least "user_id" and "mail"
 * @return array{result: bool, msg: string} delivery outcome and a localised message
 */
function reset_password($ARRAYuser)
{
    $newPassword = wp_generate_password(12, false);
    //set password
    setPassword($ARRAYuser["user_id"], $newPassword, CFG_HASH_PASS);

    // Body paragraphs separated by blank lines; the login URL ends the mail.
    $body = implode("\r\n\r\n", array(
        LABEL_mail_pass1 . ' ' . $ARRAYuser["mail"],
        LABEL_mail_pass2 . ' ' . $newPassword,
        LABEL_mail_pass3,
        currentBasePage($_SESSION["CFGURL"]) . 'login.php' . "\r\n",
    ));
    $subject = sprintf('[%s] ' . LABEL_mail_passTitle, $_SESSION["CFGTitulo"]);

    $delivered = sendMail($ARRAYuser["mail"], $subject, $body);
    if ($delivered) {
        return array("result" => true, "msg" => t3_messages("mailOK"));
    }
    return array("result" => false, "msg" => t3_messages("mailFail"));
}
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8" />
<?
// NOTE(review): "<?" short open tags only work when short_open_tag is enabled.
include '../functions.inc';
// NOTE(review): $_REQUEST accepts GET as well as POST, so both passwords can
// arrive in the URL (and in access logs) and the change can be triggered by a
// plain link; there is also no isset() guard on either field.
$oldPassword = $_REQUEST['oldPassword'];
$newPassword = $_REQUEST['newPassword'];
?>
</head>
<?
// The old password is passed in clear text, the new one as an unsalted sha1
// hex digest (trim() on the digest is a no-op); setPassword() is defined in
// functions.inc and its return convention is what the switch below decodes.
$result = setPassword(trim($oldPassword),trim(sha1($newPassword)));
//redirectTo("../adminPage.php");
// switch compares loosely, so an int/bool result also matches the string cases.
switch ($result) {
    case '1':
        echo "changed";
        break;
    case '0':
        echo "not changed";
        break;
    case 'error':
        echo "error";
        break;
    default:
        echo "default";
        break;
}
?>
<script type="text/javascript" charset="utf-8">
parent.Mediabox.closerefresh();